PwC Reports Increase in Fraud, Cyber Crime

Fraud is on the rise in the United States and globally, according to PricewaterhouseCoopers’s 2011 Global Economic Crime Survey, with cyber crime making the most significant increase in the two years since the firm’s last survey.

Overall, 45% of U.S. respondents from 158 companies reported their organization had suffered fraud in the last year, up 10 percent from 2009.

Of those respondents, 40% were affected by cyber crime.

“Cyber crime has emerged as a formidable threat, thanks to deeply determined, highly skilled, and well-organized cyber criminals, from nation states to hacktivists, from criminal gangs to lone-wolf perpetrators,” said Didier Lavion, principal in PwC’s forensic services practice. “Organizations need to be aware and adjust to this changing landscape.”

More light was shed on this emerging concern by Kim Peretti, director of advisory forensic services at PwC and former senior counsel at the criminal division’s computer crime and intellectual property section at the Department of Justice. Peretti, who worked on the Albert Gonzalez case, the largest hacking and identity theft case ever prosecuted by the DOJ, referred to cyber criminals as “good people doing bad things.”

Cyber crime also carries a low risk and high reward, Peretti said. As the sophistication of companies’ marketing functions increases and more departments have access to more data, cyber criminals have moved on from solely targeting IT departments.

Considering “cyber crime” was not a selectable answer in the 2009 Global Economic Crime Survey and was instead negligibly tracked in the “other” category, statistics are not completely clear, but according to Peretti, we are entering “an era of cyber crime.”

“Hacktivists” were once benign, she said, but with the emergence of blogging and other social networks, these hacker activists have a larger platform to host stolen data and attract the attention of the mainstream media.

Peretti also referenced Anonymous, the international hacking group that encourages civil disobedience and was recently involved with Occupy Wall Street.

In addition to more companies being touched by cyber crime, 42% of respondents, including those who had not experienced a fraud incident in the past year, expected to encounter cyber crime in the next 12 months.

According to Peretti, this bleak view reinforces a “changing goal of what is success in this area.” Instead of expecting to stop cyber crime, companies should focus on detecting the criminals “after they get in, so they can’t get out.”

The one category that topped cyber crime when it came to companies feeling at risk was asset misappropriation.

This category was also the leading type of fraud, with 93% of the respondents who reported that they had suffered fraud listing asset misappropriation as one of the crimes experienced, up from 88 percent two years ago.

Asset misappropriation is one of the hardest frauds to prevent because of companies’ unique supply chains, inventories and cost control systems, according to the report. It is also one of the most difficult frauds to track in cost, when $5 million in losses could eventually cost $25 million in revenues to recoup, Lavion said.

Lavion cautioned companies to not ignore these seemingly one-off crimes because they have the potential to become “leaky faucets.”

Other key findings of the report include:

• The typical fraudster is between 31 and 40 years old, has been employed between three and five years and has a college degree.

• The cost of frauds over $100,000 has increased from 44% to 54% over two years, with 10% reporting fraud had cost their organization over $5 million

• Territories that reported high levels of fraud (40% or more) include Kenya, South Africa and the U.K.

• Communication and insurance sectors top the list of reported frauds.

• In the U.S, 40$ of internal perpetrators were women, as compared to only 19% globally.